SoK: Development of secure smart contracts - Lessons from a graduate course

Smart contracts are programs on top of blockchains and cryptocurrencies. This new technology allows parties to exchange valuable assets without mutual trust, with smart contracts controlling the interaction between the parties. Developing smart contracts, or more generally decentralized applications, is challenging. First, they run in a concurrent environment that admits race conditions; adversaries may attack smart contracts by influencing the order of transactions. Second, the required functionality is often based on roles and states. This proves to be difficult to implement in current smart contract languages. Third, as a distinctive feature, smart contracts are immutable, hence bugs cannot be corrected easily. At the same time, bugs may cause (and have already caused) tremendous losses; they are to be avoided by all means. This paper discusses our approach of teaching the development of secure smart contracts on the Ethereum platform at university level. This is a challenging task in many respects. The underlying technologies evolve rapidly and documentation lags behind. Available tools are in different stages of development, and even the most mature ones are still difficult to use. The development of secure smart contracts is not yet a wellestablished discipline. Our aim is to share our ideas, didactic concept, materials, insights, and lessons learned.